David wrote:> My code that acts if a session has timed out looks like this:
>
> reset_session
> session[:expires_at] = nil
> # TODO - This flash is never shown, because we redirect maybe?
> flash[:error] = ''Your session has timed out, please login to
> continue.''
> # An attempt to make flash stick around, not working
> flash.keep
> redirect_to :controller => ''security'', :action =>
''login'' and return
> false
>
> The redirect works fine, but the flash does not. Before I discovered
> reset_session I was clearing the keys I didn''t need (e.g.
> session[:user_id]) one by one. I believe this showed the flash, but it
> doesn''t seem like the best idea if I want to add more to the
> authenticated users session (i.e. I may forget to clear out a variable).
I have not been able to fix this, but I have made a rather hackish
solution which seems to work in my application.
I believe the actual underlying problem could be caused by this ticket:
http://dev.rubyonrails.org/ticket/5584
To get round this, I have created a method called "clear_session".
All
this does is set session[:deleted] = true. After this, I immediately
redirect to the login form. The first thing the login controller does
is to run:
reset_session if session[:deleted]
This isn''t perfect, but it works in my application and most
importantly,
allows the flash to be shown on the login page. When the ticket above
is closed, I''ll just replace my clear_session throughout the code with
reset_session.
If anybody sees any glaring bugs here, please inform me! :)
--
Posted via http://www.ruby-forum.com/.